When Computers Attack

Sunday

Jun 24, 2007 at 5:27 AM

Governments are readying themselves for the Big One, a long-announced, long-awaited cyberwar of global proportions.

ANYONE who follows technology or military affairs has heard the predictions for more than a decade. Cyberwar is coming. Although the long-announced, long-awaited computer-based conflict has yet to occur, the forecast grows more ominous with every telling: an onslaught is brought by a warring nation, backed by its brains and computing resources; banks and other businesses in the enemy states are destroyed; governments grind to a halt; telephones disconnect; the microchip-controlled Tickle Me Elmos will be transformed into unstoppable killing machines.

No, that last item is not part of the scenario, mostly because those microprocessor-controlled toys aren’t connected to the Internet through the industrial remote-control technologies known as Scada systems, for Supervisory Control and Data Acquisition. The technology allows remote monitoring and control of operations like manufacturing production lines and civil works projects like dams. So security experts envision terrorists at a keyboard remotely shutting down factory floors or opening a dam’s floodgates to devastate cities downstream.

But how bad would a cyberwar really be — especially when compared with the blood-and-guts genuine article? And is there really a chance it would happen at all?

Whatever the answer, governments are readying themselves for the Big One.

China, security experts believe, has long probed United States networks. According to a 2007 Defense Department annual report to Congress, China’s military has invested heavily in electronic countermeasures and defenses against attack, and concepts like “computer network attack, computer network defense and computer network exploitation.”

According to the report, the Chinese Army sees computer network operations “as critical to achieving ‘electromagnetic dominance’ ” — whatever that is — early in a conflict.

The United States is arming up, as well. Robert Elder, commander of the Air Force Cyberspace Command, told reporters in Washington at a recent breakfast that his newly formed command, which defends military data, communications and control networks, is learning how to disable an opponent’s computer networks and crash its databases.

“We want to go in and knock them out in the first round,” he said, as reported on Military.com.

An all-out cyberconflict could “could have huge impacts,” said Danny McPherson, an expert with Arbor Networks. Hacking into industrial control systems, he said, could be “a very real threat.”

Attacks on the Internet itself, say, through what are known as root-name servers, which play a role in connecting Internet users with Web sites, could cause widespread problems, said Paul Kurtz, the chief operating officer of Safe Harbor, a security consultancy. And having so many nations with a finger on the digital button, of course, raises the prospect of a cyberconflict caused by a misidentified attacker or a simple glitch.

Still, instead of thinking in terms of the industry’s repeated warnings of a “digital Pearl Harbor,” Mr. McPherson said, “I think cyberwarfare will be far more subtle,” in that “certain parts of the system won’t work, or it will be that we can’t trust information we’re looking at.”

Whatever form cyberwar might take, most experts have concluded that what happened in Estonia earlier this month was not an example.

The cyberattacks in Estonia were apparently sparked by tensions over the country’s plan to remove Soviet-era war memorials. Estonian officials initially blamed Russia for the attacks, suggesting that its state-run computer networks blocked online access to banks and government offices.

The Kremlin denied the accusations. And Estonian officials ultimately accepted the idea that perhaps this attack was the work of tech-savvy activists, or “hactivists,” who have been mounting similar attacks against just about everyone for several years.

Still, many in the security community and the news media initially treated the digital attacks against Estonia’s computer networks as the coming of a long-anticipated new chapter in the history of conflict — when, in fact, the technologies and techniques used in the attacks were hardly new, nor were they the kind of thing that only a powerful government would have in its digital armamentarium.

The force of the attack appears to have come from armies of “zombie” computers infected with software that makes them available for manipulation and remote command. These “bot-nets” are more commonly used for illicit activities like committing online fraud and sending spam, said James Andrew Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies.

The main method of attack in Estonia — through what is known as a digital denial of service — doesn’t disable computers from within, but simply stacks up so much digital debris at the entryway that legitimate visitors, like bank customers, can’t get in.

That is not the same as disabling a computer from the inside, Mr. Lewis stressed. “The idea that Estonia was brought to its knees — that’s when we have to stop sniffing glue,” he said.

In fact, an attack would have borne real risks for Russia, or any aggressor nation, said Ross Stapleton-Gray, a security consultant in Berkeley, Calif. “The downside consequence of getting caught doing something more could well be a military escalation,” he said.

That’s too great a risk for a government to want to engage in what amounts to high-tech harassment, Mr. Lewis said. “The Russians are not dumb,” he said.

Even if an Internet-based conflict does eventually break out, and the dueling microchips do their worst, it would have a fundamentally different effect from flesh-and-blood fighting, said Andrew MacPherson, research assistant professor of justice studies at the University of New Hampshire. “If you have a porcelain vase and drop it — it’s very difficult to put it back together,” he said. “A cyberattack, maybe it’s more like a sheet that can be torn and it can be sewed back together.”

That is why Kevin Poulsen, a writer on security issues at Wired News, said that he had difficulty envisioning the threat that others see from an overseas attack by electrons and photons alone. “They unleash their deadly viruses and then they land on the beaches and sweep across our country without resistance because we’re rebooting our P.C.’s?” he asked.

In fact, the United States has prepared for cyberattacks incidentally, through our day-to-day exposure to crashes, glitches, viruses and meltdowns. There are very few places where a computer is so central that everything crashes to a halt if the machine goes on the blink.

Russian space engineers struggled to fix crashing computers aboard the International Space Station that help keep the orbiting laboratory oriented properly in space — if they hadn’t been fixed, the station might have had to be abandoned, at least temporarily.

Down on earth, by comparison, this correspondent found himself near the Kennedy Space Center in a convenience store without cash and with the credit card network unavailable. “The satellite’s down,” the clerk said. “It’s the rain.” And so the purchase of jerky and soda had to wait. At the center’s visitor complex, a sales clerk dealt with the same problem by pulling out paper sales slips.

People, after all, are not computers. When something goes wrong, we do not crash. Instead, we find another way: we improvise; we fix. We pull out the slips.

Never miss a story

Choose the plan that's right for you.
Digital access or digital and print delivery.